0

I have a set of text data, that are of high importance and I want to encrypt them. Be it to keep it on a cloud for redundancy, or for an extra layer of security in my local machines.

I understand AES256 is maybe the way to go.

My plan is to do the following and I would like to see your views and potential alternatives.

  • Encrypt the data with a highly robust algorithm (AES?) and a very long password with high entropy, like 50+ characters.
  • Store it in a cloud storage service (but not Google Drive or LastPass or similar) which has acquired a serious set of certifications and compliances (eg AWS, Azure). If a hospital or the army is storing their records there, it should be good for me I believe (??)
  • Use encryption at rest in the aforementioned service and all best practices available (eg not accessible outside of your account, 2FA etc).
py_script
  • 781
  • 2
  • 7
  • 10

1 Answers1

1

I assume that the threat that you are trying to mitigate is the threat of someone (e.g. the cloud service provider or an attacker) that has gained access to the encrypted file being able to decrypt the file. AES256 is the strongest encryption that we have at the moment. Nearly all modern secure protocols (e.g. TLS, Signal, SSH, OpenVPN, etc.) rely on AES at their core. So, you'll want to use AES.

Then, the strength of the key is vital. You can derive a key from a password using a key derivation function. But, any key derived from a password will at most be as strong as a random key generated by a CSPRNG. So, you might want to simply use a CSPRNG to create a random 256-bit key.

mti2935
  • 19,868
  • 2
  • 45
  • 64
  • Thats my exact requirement. I prefer to have the password in mind so that I don't have to note it anywhere. Do you have any suggested reading on how to do this? – py_script Sep 05 '21 at 14:48
  • AES256 requires a 256-bit key. Passwords are usually not 256 bits, so you can use a key derivation function (such as PBKF2, Argon2, etc.) to derive a key from a password and a salt (the salt is to prevent attackers from using rainbow tables). See https://crypto.stackexchange.com/questions/3298/is-there-a-standard-for-openssl-interoperable-aes-encryption for how openssl does this. – mti2935 Sep 05 '21 at 15:05
  • Thanks for the hint. Do you see any flaw in my approach? Would it make you feel confident? – py_script Sep 05 '21 at 15:13
  • 1
    AES256 is the strongest we have at the moment. It should protect you against most (all?) attackers, but there is some question about how well it will hold up in the future against quantum computing, and nobody knows what the NSA and the like are capable of. What's essential is that you have a strong key. If you are going to derive a key from a password, then make sure the password is very long and very high entropy, and cannot be cracked using tools like hashcat or johntheripper. Related: https://security.stackexchange.com/questions/254024/backup-aes-128-encrypted-file-in-cloud-sync/254038 – mti2935 Sep 05 '21 at 15:18
  • I understand. Quantum computing is a concern I have indeed. Also, would you choose to store it in a cloud storage like S3 or in a password manager like LastPass (encrypted in both cases)? – py_script Sep 05 '21 at 15:31
  • 1
    Either way. you're storing the encrypted files on the cloud storage provider's servers. So, I'm not sure it matters which method you use. The alternative is that you store your own files, using your own storage. So, it comes down to the question of whether or not you feel that the benefits of storing encrypted files in the cloud outweigh the risks of doing so. – mti2935 Sep 05 '21 at 15:45
  • 2
    You all forgot that, the integrity and availability. You need to store it in more than one place and use AES-GCM. – kelalaka Sep 06 '21 at 13:14